SUMMARY

cPanel, L.L.C. has updated RPMs for EasyApache 4 with libcurl version 7.65.0 and Ruby version 2.4.6. This release addresses vulnerabilities related to CVE-2019-5435, CVE-2019-5436, CVE-2019-8320, CVE-2019-8321, CVE-2019-8322, CVE-2019-8323, CVE-2019-8324, and CVE-2019-8325. We strongly encourage all libcurl users to upgrade to version 7.65.0 and all Ruby users to upgrade to version 2.4.6.

AFFECTED VERSIONS

All versions of libcurl through 7.64.1
All versions of Ruby through 2.4.5

SECURITY RATING

The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2019-5435 - MEDIUM
libcurl 7.65.0
Fixed bug related to CVE-2019-5435

CVE-2019-5436 - MEDIUM
libcurl 7.65.0
Fixed bug related to CVE-2019-5436

CVE-2019-8320 - MEDIUM
Ruby 2.4.6
Fixed bug related to CVE-2019-8320

CVE-2019-8321 - MEDIUM
Ruby 2.4.6
Fixed bug related to CVE-2019-8321

CVE-2019-8322 - MEDIUM
Ruby 2.4.6
Fixed bug related to CVE-2019-8322

CVE-2019-8323 - MEDIUM
Ruby 2.4.6
Fixed bug related to CVE-2019-8323

CVE-2019-8324 - MEDIUM
Ruby 2.4.6
Fixed bug related to CVE-2019-8324

CVE-2019-8325 - MEDIUM
Ruby 2.4.6
Fixed bug related to CVE-2019-8325

SOLUTION

cPanel, L.L.C. has released updated RPMs for EasyApache 4 on May 29, 2019, with updated versions of libcurl version 7.65.0 and Ruby version 2.4.6. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface.

REFERENCES

https://nvd.nist.gov/vuln/detail/CVE-2019-5435
https://nvd.nist.gov/vuln/detail/CVE-2019-5436
https://nvd.nist.gov/vuln/detail/CVE-2019-8320
https://nvd.nist.gov/vuln/detail/CVE-2019-8321
https://nvd.nist.gov/vuln/detail/CVE-2019-8322
https://nvd.nist.gov/vuln/detail/CVE-2019-8323
https://nvd.nist.gov/vuln/detail/CVE-2019-8324
https://nvd.nist.gov/vuln/detail/CVE-2019-8325
https://curl.haxx.se/changes.html
https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/